Site navigation

New Research Casts Doubts on Scottish Cyber Resilience

Michael Behr


Scottish cyber resilience
Despite various cybersecurity tools being offered to Scottish businesses, there are still gaps in the country’s preparedness for cyberattacks.

Concerns have been raised over Scotland’s cyber resilience after more than one-third (38%) of businesses said they do not feel prepared for a cyberattack.

The findings come from research published by the Scottish Business Resilience Centre (SBRC) which saw the organisation survey more than 250 Scottish businesses.

Despite an apparent lack of preparedness, two-thirds (66%) of those surveyed told the SBRC that cybersecurity has become more important for their business over the past year.

CEO of the SBRC Jude McCorry said: “We’ve seen the number of cyberattacks rise over the past year, and a change in the type of attack as cyber criminals seek to take advantage of our increased reliance on technology while working remotely.

“It’s not a case of ‘if’ your systems will be attacked, but ‘when’ so it’s vital that business owners go on the offensive and prepare themselves – particularly as the majority of attacks are basic in nature and can be prevented. Learning that so many businesses aren’t confident in how they can prevent attacks is cause for concern.”

The findings come one year after the National Cyber Security Centre (NCSC) relaunched Cyber Essentials, a government-backed scheme to help organisations become better protected against cyberattacks, with leading cybersecurity specialists IASME Consortium as its partner.

Businesses which become Cyber Essentials-certified can prevent or limit the fallout from up to 80% of common cyberattacks, increasing trust among their customers.

According to the SBRC research, 78% of the companies knew of Cyber Essentials, yet just over half (54%) were aware of the benefits it can bring to an organisation.

Participation in the scheme can also impact business opportunities; some UK government contracts now require the certification and other organisations may prefer to work with certified companies.

As a result, 37% of businesses whose company is not Cyber Essentials or Cyber Essentials Plus certified believed that they have lost out on business as a result.

McCorry added: “Cyber Essentials is a simple way for business owners to become more aware of their cyber processes and accreditation demonstrates to their customers and suppliers that they take their cyber resilience seriously.

“It’s clear from the survey that many aren’t aware of the scheme, so we’d like to take this opportunity to encourage people to look into it. Improving your cyber defences could mean the difference between your company surviving a cyber attack or losing all your systems and data.”


The last few months have brought one high profile cyber-attack after another. Breaches at SolarWinds and Microsoft Exchange were followed by high-profile attacks on US companies Colonial Pipeline and beef supplier JBS.

These attacks have illustrated the growing threat posed by cyber-attacks. The Colonial Pipeline attack had knock-on effects across the wider economy, leading to higher petrol prices and shortages in the US. While the JBS attack is still at its early stages, experts believe it has the potential to affect around 20% of the US beef supply.

Scotland has not been immune to the growth in the volume and scale of cyber-attacks. The Scottish Environmental Protection Agency (SEPA) was hit by a major ransomware attack at the tail end of 202 that shut down its systems.

Cybercriminals were able to steal around 1.2 Gb of data from the organisation. In addition, even five months after the attack, the group is still struggling to resume normal operations, which may pose a risk to its work as an environmental watchdog.

As such, the modern wave of cyber-attacks not only impacts companies and their customers, but also can have repercussions across the wider economy.

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: